AdvisoriesCISAAA23-144AMay 25, 2023
May 25, 2023
This joint advisory by US and international cybersecurity authorities highlights the recent discovery of cyber activities associated with Volt Typhoon, a state-sponsored actor originating from the People's Republic of China (PRC). The activities have been found to impact critical infrastructure sectors in the United States, with the potential for global implications. The actor's primary tactic, known as "living off the land," involves utilizing existing network administration tools to evade detection by blending in with normal system activities. The advisory provides examples of the actor's commands and detection signatures to assist network defenders.
May 25, 2023
Workstations and servers include built-in utilities that - in the hands of an attacker - can be used to exploit the device and those around it. General mitigation advice says to limit or monitor use of popular built-in utilities. However, this approach can be untenable at scale, as the list of utilities - and the way they can be leveraged - is infinite and overlapping with common device usage. Instead, a more future-proof solution is to replace the underlying operating system altogether. Instead of servers, use containers. Instead of laptops, use mobile devices or Chromebooks. These devices are “secure by design”, which means the operating system treats security as a leading priority and does not include access to most system utilities.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
